Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2021-33640

Опубликовано: 19 дек. 2022
Источник: nvd
CVSS3: 6.2
CVSS3: 9.8
EPSS Низкий

Описание

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:openatom:openeuler:20.03:sp1:*:*:lts:*:*:*
cpe:2.3:o:openatom:openeuler:20.03:sp2:*:*:lts:*:*:*
cpe:2.3:o:openatom:openeuler:22.03:*:*:*:lts:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

EPSS

Процентиль: 40%
0.00183
Низкий

6.2 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-416
CWE-416

Связанные уязвимости

redhat логотип

CVE-2021-33640

CVSS3: 6.2
redhat
около 3 лет назад

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

msrc логотип

CVE-2021-33640

CVSS3: 9.8
msrc
около 3 лет назад

Описание отсутствует

github логотип

GHSA-pjrv-5vw3-5frj

CVSS3: 9.8
github
около 3 лет назад

After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).

EPSS

Процентиль: 40%
0.00183
Низкий

6.2 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-416
CWE-416